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What Is Claimed Is: 

1 . An information appliance of the type having first storage for programs and 
data, and processor logic and executing computer program instructions to perform a 

5 task involving a user data; the information appliance characterized in that: separate 
control processing environments and user processing environments are created and 
maintained so that: (1) user data having unknown or untrusted content is not exposed 
in the control processor logic environment to computer program code that can execute 
any computer program code instructions imbedded in the user data; and (2) user data 
10 having unknown or untrusted content is only exposed in the user processor logic 
environment in a temporary storage different from the first storage when isolated from 
the first storage. 

2. An information appliance comprising: 

15 at least one processing logic device for executing at least one instruction; 

a first storage for storing first data and first program code including said at 
least one instruction and including a user data; 

a second storage for storing second data; 

a switching system for selectably and independently coupling and decoupling 
20 the processing logic device with the first storage and/or the second storage under 
automated control, the switching system receiving at least one control signal from the 
processing logic device for selecting a condition of the switching system; 

the processing logic device operating in a control configuration and in a user 
data configuration according to the following conditions: 
25 (i) the processing logic device may be coupled with the first storage when the 

processing logic is loaded with a program instruction not capable of executing a data 
item that has untrusted content or that did not originate within a known controlled 
environment; 
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(ii) the processing logic device may not be coupled or only restrictively 
coupled to communicate known information with the first storage when the 
processing logic is loaded with a program instruction that may be capable of executing 
a data item that has untrusted content or that did not originate within a known 

5 controlled environment; 

(iii) the processing logic device may be coupled with the second storage when 
the processing logic is loaded with a program instruction that may be capable of 
executing a data item that has untrusted content or that did not originate within a 
known controlled environment; and 

10 (iv) the processing logic device may be coupled with the first storage and the 

second storage when the processing logic is loaded with a program instruction that is 
only capable of copying a data item from the first storage to the second storage or 
from the second storage to the first storage. 

15 3. An information appliance as in claim 2, wherein the switching system can 
couple or decouple the processing logic device with the first storage and the second 
storage in at least the following ways: (i) processing logic device coupled with the 
first storage only, (ii) processing logic device coupled with the second storage only, 
(iii) processing logic device coupled with the first and second storage concurrently, 

20 (iv) processing logic device coupled with neither the first storage nor the second 
storage. 

4. An information appliance as in claim 2, wherein the processing logic device 
comprises a microprocessor. 

25 

5. An information appliance as in claim 2, wherein the processing logic device is 
selected from the set of processing logic circuits consisting of: a microprocessor, a 
central processing unit (CPU), a controller, a micro-controller, an ASIC, a logic 
circuit, a programmable logic circuit, and combinations of these. 

30 
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6. An information appliance as in claim 2, wherein the information appliance is 
selected from the set of information appliances consisting of: a computer, a notebook 
computer, a personal data assistant, a personal data organizer, a cellular telephone, a 
mobile telephone, a radio receiver, a radio transmitter, a GPS receiver, a satellite 

5 telephone, an automobile on-board computer, an aircraft on-board computer, a 
navigation device, a home appliance, a printing device, a scanning device, a camera, 
an electronic camera, a television receiver, a broadcast control system, an electronic 
instrument, a medical monitoring device, a security device, an environmental control 
system, a electronic device, and combinations of these. 

10 

7. An information appliance as in claim 2, wherein the first data store and second 
data store are independently selectable and selected from the set of storage consisting 
of: a rotating magnetic hard disk drive, a rotating magnetic floppy disk drive, a CD, a 
DVD, a semiconductor memory, a solid state memory, a chemical memory, a 

15 magnetic memory, a molecular memory, a micro-drive, a flash memory, a compact 
flash card memory, a RAM memory, a ROM memory, and combinations thereof. 

8. An information appliance as in claim 2, wherein said at least one processing 
logic device comprises a plurality of processing logic devices. 

20 

9. An information appliance as in claim 8, wherein at least one of said plurality 
of processing logic devices comprises at least one microprocessor and said at least 
one instruction comprises a plurality of computer program code segments from an 
operating system and a plurality of computer program code segments from an 

25 application program; and wherein said switching system is coupleable to said 
microprocessor for receiving switch control commands for altering the switch 
configuration to selectably couple and decouple the microprocessor with the first and 
second storage. 
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10. An information appliance as in claim 9, wherein the plurality of processing 
logic devices are intermittently sequentially isolated and communicatively restricted, 
by an automated control system executing one of the processing logic devices. 

5 11. An information appliance as in claim 9, wherein the second storage is 
configured to perform as a temporary storage during a processing operation when it is 
coupled with the processing logic device and automatically erased after each 
processing has occurred independent if the processing completed with error condition 
or without error condition, where an error condition may include detection of a virus 
10 or other malicious code execution.. 

12. An information appliance as in claim 10, wherein the plurality of processing 
logic devices and at least said first and second storage are dynamically configurable to 
create computing environments having determined characteristics. 

15 

13. An information appliance as in claim 1, wherein said first storage stores a 
master template file having operating system and application program components 
and a protected copy of user data. 

20 14. A method for operating an information appliance of the type having at least 
one processing logic device for executing at least one instruction, a first storage for 
storing first data and first program code including said at least one instruction and 
including a user data, and a second storage for storing second data; the method 
comprising: 

25 selectively and independently switching to couple and decouple the processing 

logic device with the first storage and/or the second storage under automated control 
upon receipt of at least one control signal from the processing logic device for 
selecting a condition of the switching system; 

operating the processing logic device in a control configuration and in a user 

30 data configuration according to the following conditions: 
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(i) permitting coupling the processing logic device with the first storage when 
the processing logic is loaded with a program instruction not capable of executing a 
data item that has untrusted content or that did not originate within a known 
controlled environment; 
5 (ii) not permitting coupling the processing logic device with the first storage or 

only restrictively permitting coupling the processing logic device with the first storage 
to communicate known information when the processing logic is loaded with a 
program instruction that may be capable of executing a data item that has untrusted 
content or that did not originate within a known controlled environment; 

10 (iii) permitting coupling the processing logic device with the second storage 

when the processing logic is loaded with a program instruction that may be capable of 
executing a data item that has untrusted content or that did not originate within a 
known controlled environment; and 

(iv) permitting coupling the processing logic device with the first storage and 

1 5 the second storage when the processing logic is loaded with a program instruction that 
is only capable of copying a data item from the first storage to the second storage or 
from the second storage to the first storage. 

15. A method for operating an information appliance as in claim 14, further 
20 comprising: erasing the second storage after any processing logic device has used said 

second storage to process a user data. 

16. A method for operating an information appliance as in claim 14, wherein the 
information appliance is selected from the set of information appliances consisting of: 

25 a computer, a notebook computer, a personal data assistant, a personal data organizer, 
a cellular telephone, a mobile telephone, a radio receiver, a radio transmitter, a GPS 
receiver, a satellite telephone, an automobile on-board computer, an aircraft on-board 
computer, a navigation device, a home appliance, a printing device, a scanning device, 
a camera, an electronic camera, a television receiver, a broadcast control system, an 
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electronic instrument, a medical monitoring device, a security device, an 
environmental control system, a electronic device, and combinations of these. 

17. A method for operating an information appliance as in claim 14, wherein said 
5 at least one processing logic device comprises a plurality of processing logic devices. 

18. A method for operating an information appliance as in claim 17, wherein at 
least one of said plurality of processing logic devices comprises at least one 
microprocessor and said at least one instruction comprises a plurality of computer 

10 program code segments from an operating system and a plurality of computer program 
code segments from an application program; and wherein said switching system is 
coupleable to said microprocessor for receiving switch control commands for altering 
the switch configuration to selectably couple and decouple the microprocessor with 
the first and second storage. 

15 

19. An information processing device comprising: 

a housing having a form factor of a computer PC Card and a plurality of 
PCCardBus interface connections; 

a plurality of processors disposed within said housing; 
20 a plurality of data stores disposed within said housing or coupled thereto; 

a protected data store portion selected from said plurality of data stores for 
storing at least a user data; 

a data store switch system coupled with said plurality of data stores, said 
switch system coupled with a data store switch configuration for configuring 
25 communication with one or more data store disposed within said housing; 

an I/O switch system coupled with at least one peripheral, said I/O system 
coupled with an I/O system configuration including a plurality of traits for configuring 
communication with said peripheral disposed within said housing; 
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a plurality of computing environments, each said computing environment 
including at least one processor and identified by at least one trait selected from said 
plurality of traits, including: 

a data store switch communication path coupled with said data store 
5 switch, said data store switch communication path coupling at least one data store 
with said computing environment according to said data store switch configuration; 

an I/O switch communication path coupled with said I/O switch 
system, said I/O switch communication path for coupling said peripheral with said 
computing environment according to said I/O switch system configuration; 
10 said computing environment capable of performing a processing 

activity including receiving input from said I/O switch system and sending output to 
said I/O switch system, said processing activity performed independently of said 
processing activity of another computing environment; 

a control computing environment selected from said plurality of computing 
1 5 environments for configuring said data store switch configuration, for configuring said 
I/O switch system configuration, said data store switch configuration supporting 
communication between said control computing environment and said protected data 
store; and 

at least one user isolated computing environment selected from said plurality 
20 of computing environments; 

wherein said I/O switch system configuration is configured to direct a received 
input to at least one of said computing environment, said I/O switch system 
configuration is configured to direct an output generated by one or more of said 
plurality of computing environments to said peripheral. 

25 

20. An information processing device as in claim 19, wherein: 

the plurality of processors are independently selected from the set of 
processing logic circuits consisting of: a microprocessor, a central processing unit 
(CPU), a controller, a micro-controller, an ASIC, a logic circuit, a programmable logic 
30 circuit, and combinations of these; and 
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the plurality of data store are independently selectable and selected from the 
set of storage consisting of: a rotating magnetic hard disk drive, a rotating magnetic 
floppy disk drive, a CD, a DVD, a semiconductor memory, a solid state memory, a 
chemical memory, a magnetic memory, a molecular memory, a micro-drive, a flash 
5 memory, a compact flash card memory, a RAM memory, a ROM memory, and 
combinations thereof. 
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